When most people think about a virus, they think of a fever, chills, and maybe a potential pandemic. But when they think about a computer virus, they think of a headache, or worse, identity theft.
USA Today reports, “Spanish newspaper El Pais cites a 12,000-page investigative report that outlines how a computer infection, spread via an infected USB thumb drive, may have been a contributing factor. The report says a malicious program precipitated failures in a fail-safe monitoring system at the airline’s headquarters in Palma de Mallorca.”
Whether or not a virus contributed to the delay or cancellation of the flight’s departure, which led to the crash, this type of scenario is possible. Now and in the future, incidents like this may involve malicious technology.
Technology plays a role in many aspects of our lives, and when that technology is corrupted, the results can be disastrous. Consider the extent to which hospitals, banks, water treatment facilities, electrical grids, airports, gas stations, and even roads rely on technology.
Steve Stasiukonis, a penetration tester, describes how USB thumb drives can turn external threats into internal ones in two easy steps. After being hired to penetrate a network, he says, “We gathered all the worthless vendor giveaway thumb drives collected over the years and imprinted them with our own special piece of software. I had one of my guys write a Trojan that, when run, would collect passwords, logins and machine-specific information from the user’s computer, and then email the findings back to us.”
In this scenario, the USBs were dropped in a bank parking lot, then picked up by the employees and used to compromise the network. Fortunately for the bank, this was only a test of the network’s security.
Bad guys will use every possible mechanism to accomplish their goals. Do your best to increase your security intelligence. Regardless of your job description, security is everyone’s responsibility.